Truebit loses $26M to exploit as old DeFi protocols targeted

On Thursday at about 4pm London time, a hacker drained 8,535 Ether — roughly $26 million — from the reserves of Truebit by exploiting a bug in a smart contract deployed in 2021. The attacker then took just under $300,000 of the protocol’s TRU token. Truebit acknowledged the breach and, it said, “We are in contact with law enforcement and taking all available measures to address the situation.”

The compromised contract has no public record of a third-party audit, and the protocol moved to flag the incident soon after it occurred. The attack adds to a larger pattern of losses across crypto in 2025; data shows attackers stole more than $2.5 billion from projects this year.

Security researchers note Hackers are focusing on older DeFi protocols. Balancer lost $128 million in November from a contract live since 2021. Other legacy victims include vaults from Yearn Finance, projects from Rari Capital, and Ribbon Finance. Research commentary highlights that many of these contracts were written before current best practices were widespread and are no longer actively maintained. See a researcher’s discussion on the trend here and a developer post linking the trend to AI use by attackers here.

The Truebit breach used an integer overflow flaw — a numeric wraparound that lets attackers bypass checks and alter balances — a point noted in security posts explaining the vector. Integer overflows remain a recurring issue; for example, a July exploit on Cetus involved the same class of bug and led to about $220 million in losses.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Trump Won’t Pardon Sam Bankman-Fried, Says New York Times…
• BNY Launches Tokenized Bank Deposits for Institutions on L2s
• Trump vows alternate tariff powers if Court blocks IEEPA now
• Appeal rejected for French tax agent who leaked targets case
• Altcoin Rotation: XRP, Solana Rally as Bitcoin Consolidates.